Blog Posts Tagged with "Code Review"
To “Open Source” or “Not to Open Source”
July 27, 2012 Added by: Andrew Sanicola
Many open source products have add-ons, extensions, plug-ins etc. which make them attractive. While the core application itself is mostly secure, it is these extensions and plug-ins contributed by many diverse developers and organizations that introduce vulnerabilities into the open source product as a whole...
What’s Going Right with Your Secure Development Efforts?
May 04, 2012 Added by: Fergal Glynn
Security professionals place developers' code under a microscope and highlight each and every flaw, so you can appreciate why there may be some tension. Testing of code only offers assessments of what they did wrong. Can we apply a different lens while having this conversation?
Pitting Education Against Cyber Attacks
March 26, 2012 Added by: Frank Kim
In the relentless struggle to protect against cyber attacks, companies must identify vulnerabilities before hackers have an opportunity to exploit them. With software applications, a logical path to the early identification of vulnerabilities begins at the development stage...
Scanning Applications Faster - A Chicken vs. Egg Problem
October 09, 2011 Added by: Rafal Los
We need to shift the security culture from "find bugs" to "fix bugs" or else we're in deep, deep trouble. Don't get me wrong, once the software industry has figured out how to write secure software by design, then we can worry about demanding bigger, better, faster scanning automation...
Web Application Attack and Audit Framework 1.0 Released
June 03, 2011 Added by: Headlines
"w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more..."
Think You Can’t Afford Code/App Testing? Think Again...
May 19, 2011 Added by: Brent Huston
Today, you have a plethora of code review automation tools and source code scanners. These tools make it easy to pick the low-hanging (and sometimes higher) vulnerabilities out of your code long before it is exposed to malicious outsider/insider contact...
Implementing Complex Systems for Testing Application Logic
March 07, 2011 Added by: Rafal Los
Creating a system or a testing framework which can appropriately enable a previously entirely manual process is tricky - and while fully automating the finding of logic flaws may still be beyond our reach, the research and ideas presented herein are steps forward in that direction...
Software Security Assurance Psychology - The Legacy Code
March 04, 2011 Added by: Rafal Los
An application has been relied upon successfully for months or years (decades?), and now that the organization finally gave you access to it because they touched/modified one small component you've found a systemic bug which requires a large-scale effort to remediate. Herein lies the rub...
Application Vulnerabilities are Like Landmines
March 02, 2011 Added by: Ron Lepofsky
Application owners sometimes get confused when doing a follow-up audit after they have implemented all recommendations made in an original audit. Some owners think they can save money on a subsequent audit simply by having an auditor validate the mitigation recommendations were implemented correctly...
Top 5 Ridiculous Hacking Scenes in Movies
November 03, 2010 Added by: Bozidar Spirovski
Like any technology-fed phenomenon with increasing public exposure, hacking is often ill-conceived and exaggerated in movie scenes. The following are five of the most implausible and amusing scenes that have resulted from this approach to hacker depiction in movies...
How Do You Know That Your Software Is Secure?
August 17, 2010 Added by: PCI Guru
Software is everywhere these days, and is in almost everything from flat panel televisions to furnaces. As more devices get connected to networks, the risk that backdoors or sleeper code will be used to obtain surreptitious access to these devices increases...
PCI DSS and Code Reviews
August 02, 2010 Added by: PCI Guru
Requirement 6.6 of the PCI DSS discusses the concept of code reviews or the implementation of an application firewall to protect Internet-facing applications...